Medical staffers fall for phishing emails, data on 8,300 compromised

About 8,300 patients of Washington-based Franciscan Medical Group (FMG) are being notified that their personal information may have been compromised after nearly 20 employees responded to information requests in phishing emails purporting to come from FMG’s parent company, Catholic Health Initiatives.

How many victims? About 8,300.

What type of personal information? Demographic information, including names, addresses, dates of birth, and phone numbers. Clinical information, including treating physicians and/or departments, diagnoses, treatments received, medical record numbers, medical service codes, and health insurance information. Social Security numbers were included in some instances.

What happened? Nearly 20 FMG employees responded to a request for information in phishing emails, which purported to come from Catholic Health Initiatives, FMG’s parent company.

What was the response? FMG secured the impacted email accounts and began an investigation with an external forensics firm. FMG is educating staffers on phishing emails and is enhancing login authentication. All impacted individuals are being notified.

Details: FMG learned of the incident on Jan. 27.

Quote: “We have no evidence that the information in the emails has been used in any way,” according to a notification posted to the Franciscan Health System website.